The examples in this chapter take a naive approach to user input. They expect users to send information to the scripts only through the HTML forms. They also assume users won't submit data outside expected values. Some values may be harmless. Giving a word where the script expects a number will simply result in zero. Some values may disturb the user interface. For example, a long string without any spaces may stretch an HTML page to a width that exceeds the viewable area. Randal Schwartz coined the purple dinosaur technique that involves submitting an HTML image tag where an application expects plain text. Some values may actually be harmful, such as shell commands smuggled into text fields.
Mainly this part: Randal Schwartz coined the purple dinosaur technique that involves submitting an HTML image tag where an application expects plain text.
I don't understand what it means~~~
Could someone with strong English help take a look ......
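The quoted passage lists four kinds of unexpected form input; the sketch below is an added example, not part of the original post or the book it quotes, showing one way a PHP script can handle each of them, including the image tag submitted where plain text is expected. The field names, limits and sample values are constructed for illustration.

```php
<?php
// Constructed sample submission (hypothetical field names), one field per
// case named in the quoted passage.
$submitted = [
    'quantity' => 'seven',                                    // word where a number is expected
    'nickname' => str_repeat('A', 300),                       // long string without spaces
    'comment'  => '<img src="http://example.com/dino.gif">',  // image tag where text is expected
    'filename' => 'notes.txt; echo injected',                 // shell syntax in a text field
];

// Numbers: validate instead of casting, so "seven" is rejected rather than
// silently becoming zero.
function clean_int(string $raw, int $min, int $max): ?int
{
    $v = filter_var($raw, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => $min, 'max_range' => $max]]);
    return $v === false ? null : $v;
}

// Plain text: enforce a length limit on input so one value cannot stretch the page.
function clean_text(string $raw, int $maxLen): ?string
{
    $raw = trim($raw);
    return ($raw === '' || strlen($raw) > $maxLen) ? null : $raw;
}

// Output encoding: the browser displays submitted markup as literal text
// instead of interpreting it as an <img> element.
function html(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// File names: allow-list of characters; anything with spaces, semicolons or
// other shell syntax is rejected outright.
function clean_filename(string $raw): ?string
{
    $ok = preg_match('/\A[A-Za-z0-9_-]{1,64}\.[A-Za-z0-9]{1,8}\z/', $raw) === 1;
    return $ok ? $raw : null;
}

var_dump(clean_int($submitted['quantity'], 1, 100));
var_dump(clean_text($submitted['nickname'], 40));
echo html($submitted['comment']), "\n";
var_dump(clean_filename($submitted['filename']));
```

If a validated file name still has to be passed to a shell command, wrap it with `escapeshellarg()` at the point of use as a second layer.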

